KBI 310799 Issue Addressed: Argent For Compliance May Read Empty Event Log Message When Using WMI Method
Version
Argent for Compliance 3.1A-1401-A or below
Date
Friday, 10 Jan 2014
Summary
If event message DLL is corrupted or missing, Windows cannot compose the complete message text
If it is viewed in Event Log Viewer, message may be displayed as following:
When Argent for Compliance reads the same event using WMI, WMI only returns empty message instead
The test result may look like following:
Technical Background
Argent for Compliance 3.1A-1401-B has been enhanced to compose a substitute message using insertion strings
The test result may look like following:
Resolution
Upgrade to Argent AT 3.1A-1401-B or later
Customer, who cannot upgrade, can switch the Rule to use method ‘Automatically Determined‘ or ‘Read Event Log File Directly‘